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Abstract—Recently an online electric vehicle (OLEV) concept has been introduced, where vehicles are propelled through the 
wirelessly transmitted electrical power from the infrastructure installed under the road while moving. The absence of secure- 
and-fair billing is one main hurdle to widely adopt this promising technology. This paper introduces a secure and privacy- 
aware fair billing framework for OLEV on the move through the charging plates installed under the road. We first propose 
two extreme lightweight mutual authentication mechanisms, a direct authentication and a hash chain-based authentication 
between vehicles and the charging plates that can be used for different vehicular speeds on the road. Second we propose 
a secure and privacy-aware wireless power transfer on move for the vehicles with bidirectional auditability guarantee by 
leveraging game-theoretic approach. Each charging plate transfers a fixed amount of energy to the vehicle and bills the 
vehicle in a privacy-aware way accordingly. Our protocol guarantees secure, privacy-aware, and fair billing mechanism for 
the OLEVs while receiving electric power from the road. Moreover our proposed framework can play a vital role in eliminating 
the security and privacy challenges in the deployment of power transfer technology to the OLEVs. 

Index Terms— Online Electric Vehicle, Wireless Power Supply, Privacy, Auditability, Billing 
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1 Introduction 

As the fuel price is going up, alternative fuel vehicles, in 
particular electric vehicles, are getting more attentions. 
Previously, electric vehicles were suffering from various 
issues such as low reliability, high consumer satisfaction, 
and low return on investment Q. However, thanks 
to the recent advancements in automotive, electronics, 
and communication technologies, electric vehicles have 
overcome the issues and have become pervasive on the 
present highways. Still, there are a number of challenges 
to deal with in order to make electric vehicles more 
practical. One of the most crucial problems is that the 
capacity of the state-of-art battery for electric vehicles 
is not sufficient to drive the cars over a long distance 
without recharging. It is well-known that the battery 
technology has been slowly improved Q, and thus we 
can hardly expect to have a much higher capacity battery 
for electric vehicles in the near future. Meanwhile, as 
of today, there is a relatively small number of places 
to recharge the battery of an electric vehicle along a 
highway ||^. Most of all, compared to the time to refuel 
a traditional vehicle with combustion engine, it takes 
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a significant longer time to charge the battery through 
plug-in technology in a charging station Q or by staying 
on a wireless charging plate (CP) ||^. 

Recently, the concept of online electric vehicl^ is 
introduced to alleviate the aforementioned issues of 
electric vehicles, where electric vehicles with a special 
onboard unit can obtain the electricity on the move in 
a wireless marmer while passing over a road surface 
under which power-line is installed. It is envisioned that 
this new technology will make a significant contribution 
to expand the adoption of electric vehicles. Despite the 
apparent benefits, there are still a number of issues to 
identify on the wide deployment of online electric vehi¬ 
cles. In particular, consider the problem of designing a 
proper billing scheme for this wireless-charging-on-the- 
move strategy. One straightforward solution would be 
taking a picture of every vehicle which is entering a road 
designed for online electric vehicles, and send the flat 
amount of bill to each of them. This strategy works well 
for many vehicles with combustion engine on modern 
toll highways where they pay their toll tax in a wireless 
and efficient marmer. However, it is clearly not fair for 
online electric vehicles with almost fully charged battery 
to pay the same amount of money paid by those vehicles 
with almost empty battery since the driver of a vehicle 
with the fully charged battery may not want to use the 
online power service to save cost. In addition, collecting 
the pictures of the vehicles entering every part of the 
road is almost not possible and also can cause a privacy 

1. http://olev.kaist.ac.kr/en/index.php 
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Fig. 1: Online electric vehicle can charge its battery 
while moving after the authentication with the highway 
segment. 


issue, and therefore, if is nof desirable even fhough this 
strategy is widely used for toll tax collection at toll plaza 
on the highways. Moreover, recently radio frequency 
idenfificafion (RFID) gained a lof of atfenfion from fhe 
service providers and has been widely deployed due fo 
ifs simple operafion and low cosf However, our 

case is complefely differenf from RFID scenario because 
in our case fhe requiremenfs for fraceabilify and denia- 
bilify are crifical when compared fo RFID aufhenficafion 
and billing. Hence fhe comparison befween RFID-based 
solufions and our scenario would nof be fair. 

Mofivafed by our observations, in this paper, we 
propose a new secure-and-fair billing framework for 
online elecfric vehicles. In defail, we propose fo adopf a 
road which consisfs of a series of short-and-equal-sized 
elecfricify supply segmenfs, each of which serves as a 
unif for billing. Before an online elecfric vehicle enters a 
new segment, it can decide to use the electricity while 
moving over the segment, or deny it depending on its 
current battery level. Once decided to use, it needs to 
authenticate itself fo fhe segmenf and obfain a secref fo 
consume elecfricify (see Fig. [^. To improve fhe degree 
of fairness and service granularify i.e. fo be billed for 
acfual use only, if is imporfant fo make fhe segmenf 
shorf. At the same time, to improve the efficiency of 
fhe segment, which is the actual rate of fhe segmenf 
used for charging againsf fhe porfion of fhe segmenf 
used for ofher use such as aufhenficafion, if is crucial fo 
design fhe aufhenficafion profocol fo be as lighfweighf 
as possible. To guaranfee fhe privacy of each driver 
and reduce fhe operafion cosf, if is highly desirable nof 
fo use camera for billing. Rafher fhan using camera fo 
fake fhe picfure of each vehicle fo enfer every segmenf, 
we propose a wireless communicafion based conditional 
privacy mechanism so that the real identity of fhe driver 
can be exposed only if fhere is a legal need such as 
refusing fo pay affer acfual elecfricify consumpfion. Fi¬ 
nally and mosf importantly, we provide a mutual audit 
mechanism through which a driver carmot deny the 
usage of legifimafe elecfricify as well as fhe elecfricify 
service provider cannof overcharge. 

In fhis paper, we propose a securify framework for 
elecfric vehicles which supporf fhe following relevanf 
feafures, and fhus fhe confribufions of fhis paper are: 

a. Bidirectional audit: we design a mechanism fhaf guar- 


anfees privacy-aware bidirecfional audifabilify for 
bofh elecfric power providing aufhorify and fhe ve¬ 
hicles. To deal wifh fhe billing and audifing, we pro¬ 
pose a semi-simulfaneous billing where each vehicle, 
when if charges ifs baffery is billed on plafe-by-plafe 
basis where each plafe delivers a consfanf amounf of 
energy. In ofher words, fhe vehicles are billed wifh a 
fixed amounf. 

b. Conditional privacy: we use mulfiple pseudonymous 
mechanism fo preserve fhe condifional privacy of fhe 
vehicles af every sfage of fhe profocol. 

c. Mutual authentication: We devise a fasf and 
lighfweighf aufhenficafion mechanism for vehicles 
and fhe charging plafes keeping in mind fhe porfion 
of fhe charging plafe designafed for aufhenficafion. 

d. Game-theoretic approach: We employ a game fheorefic 
approach fo model fhe proposed bidirecfional au¬ 
difabilify mechanism in order fo esfablish Nash Equi¬ 
librium befween fhe charging plafe and fhe vehicle. 

This paper proceeds as follows. Secfion II ouflines 
fhe sfafe of fhe arf regarding wireless power fransfer 
followed by fhe sysfem model and problem definifion 
in Secfion III. In Secfion IV, we oufline our proposed 
scheme and analyze our sysfem in Secfion V. In Secfion 
VI, we give our concluding remarks. 

2 State of the Art 

Today some of world mosf renowned aufomobile com¬ 
panies are producing baffery propelled vehicles and it 
is envisioned that soon electric vehicles will outclass 
the conventional automobiles due to economic and en- 
viromnental reasons. The technological breakthrough in 
both electrification technology and the energy storage 
technology has made it possible for fhe aufomobile 
companies fo achieve fhis milestone. From fhe sfudied 
conducfed so far, if can be inferred fhaf in the near 
future, most of fhe fossil fuel propelled vehicles will 
possibly be replaced by fhe elecfric vehicles (see pO]). In 
p0[ , Weissenger ef al. ouflined fhe speed range, sforage 
range, and fhe baffery f 5 rpes of vehicles fill fhe year 
2008. To dafe, many efficienf charging schemes have been 
proposed in fhe liferafure fo save fhe commute fime of 
fhe drivers O- However, fhe frequency of recharging is 
sfill a problem fhaf needs fo be addressed. 

To motivate fhe use of elecfric vehicles, a new concepf 
of wireless power fransfer (WPT) was infroduced |j^. 
In 1^, aufhors carried ouf a defailed survey regarding 
wireless power fransfer and covered many dimensions 
such as fhe disfance befween fhe fransmiffing and re¬ 
ceiving enfify, cosf of fhe fechnology and so forfh. The 
concepf of green car was infroduced in 2009 by KAIST, 
Soufh Korea by fhe name of online elecfric vehicle 
(OLEV) [T^ . The motivation for OLEV was fhe weighf 
and fhe cosf of fhe battery in elecfric vehicles, low 
frequency of charging, fasf insfallafion, low maintenance 
cosf and so forfh. To dafe, remarkable resulfs have 
been achieved by fhis projecf and currenfly fhey run 
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prototype buses in the KAIST campus South Korea 
|14|. Nonetheless, such online vehicle would require 
massive power-line infrastructure installed under the 
road. Moreover coverage would be another issue due to 
the cost factor. From mutual authentication standpoint, 
Chuang et al. 1151 proposed a hash-based authentication 
mechanism called trust-extended authentication mecha¬ 
nism (TEAM). TEAM adopts the concept of fransifive 
frusf relafionships where a normal vehicle becomes fhe 
frusfed enfify affer successful aufhenficafion and can 
delegafe fhe aufhenficafion process in fhe absence of 
fhe aufhorifies. Moreover TEAM does nof profecf fhe 
privacy since original ID is shared during aufhenficafion. 
On fhe ofher hand, even if a normal vehicle successfully 
aufhenficafes ifself, does nof guaranfee fhaf if will nof 
be malicious while delegating aufhenficafion function. 
Therefore, we believe fhaf fhe fransifive frusf may lead fo 
even worsf sifuafion from securify sfandpoinf in VANET. 

Billing is an imporfanf requiremenf in commercial 
networks and if can be absfracfly divided info two 
classes, time-based billing and content-based billing. In 
the former, nodes (subscribers or consumers) pay the 
service fee based on time, for instance the internet access 
charges and in the latter case, nodes pay based on the 
content they receive where the specific content costs a 
constant amount of money, for example downloading 
a song from iTunes and so forth p^ . A number of 
billing mechanisms have been proposed for wireless 
mesh networks m p8| commercial VANET applica¬ 
tion |16|, p^ . In p6|, the authors propose a portable 
authentication/authorization/accounting (AAA) frame¬ 
work for purchasing services from the RSUs. They use 
signature-based and key policy attribute-based encr 5 rp- 
tion (KP-ABE) in their billing mechanism to attain lo¬ 
calized fine-grained access control and also employ E- 
coin. In another work, Yeh et al. |[W1 propose a local 
and proxy-based authentication and billing scheme to 
lessen the long-distance communication overhead. They 
also propose an incentive-aware multi-hop forwarding 
for vehicles in the VANET. They use batch verification 
mechanism in their scheme to fulfill the security require¬ 
ments and signature-based communications. However, 
our service scenario is different because we deal with 
the charging plates installed underneath the road and 
such sophisticated cryptographic primitives will cause 
enormous delay. Therefore aforementioned schemes are 
not directly applicable in our scenario. 

In this paper, we to the best of our knowledge, for the 
first time propose a secure and privacy-aware mecha¬ 
nism to transfer the electric power to propel the vehicles 
moving on the road where the power transfer technology 
is installed underneath the road in the form of charging 
plates. Moreover our proposed scheme also guarantees 
bidirectional audit. Eirst we propose two lightweight and 
fast privacy-aware mutual authentication mechanisms 
between the vehicles and the charging plates installed 
under the road. The two authentication mechanisms 
can be adapted with different vehicular speeds and the 
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Pig. 2: Taxonomy of System Participants 


length of the charging plates. Then we propose a secure 
charging mechanism for vehicles with bidirectional au¬ 
ditability guarantee where vehicle is billed in a semi- 
simultaneous marmer on the per-plate basis. We also 
employ a game theoretic approach for modeling and 
guaranteeing auditability by establishing Nash Equilib¬ 
rium between the charging plates and the vehicles. 

3 System Model and Problem State¬ 
ment 

3.1 System Participants and Network Modei 

Our proposed system model consists of electric vehicles 
and an electric power delivery infrastructure. Electric 
power delivery service is exercised by the charging 
service providing authority (CSPA) that is responsible 
for providing the vehicles with electric charge through 
charging plates and bill them accordingly. The charging 
infrastructure is installed under the surface of the road 
and each road segment of certain length is covered by 
the charging plates. The charging plates also have a 
hardware for communication and computation purpose 
and these plates are responsible for authentication prior 
to battery charging, billing and logging the audit infor¬ 
mation. These charging plates communicate with both 
vehicles and CSPA back and forth during the charging 
and the billing process. We also introduce some compo¬ 
nents from vehicular ad hoc network (VANET) which 
are frequently assumed in VANET. These components 
are used by electric vehicle^ for initialization and regis¬ 
tration. These components include vehicle management, 
registration and revocation authorities. The department 
of motor vehicles (DMV) is at the top of the hierarchy 
where every vehicle should be registered beforehand. 
Revocation authorities are leveraged to revoke the iden¬ 
tity of the vehicle when needed with the consent from 
law enforcement authorities (police or judiciary) in the 

2. Throughout the paper, the terms 'vehicle', 'vehicular node', and 
'OBU' are used interchangeably and we mean electric vehicle collec¬ 
tively by these terms. 
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form of a warranf. There may be heferogeneous fypes of 
vehicles on fhe road, buf for ease of undersfanding, we 
focus only on fhe elecfric vehicles in fhis paper. There¬ 
fore, our proposed scheme can be easily implemenfed in 
fhe VANET framework, which is one of fhe mosf popular 
and promising fufure vehicular infrasfrucfure. 

The faxonomy of fhe sysfem parficipanfs is shown 
in Fig. 1^ and fhe network model is shown in Fig. 
We consider a fleef of elecfric vehicles on fhe road 
where fhese vehicles receive elecfric power from fhe 
power line insfalled beneafh fhe road, depending upon 
fhe usage of fhe vehicle. If can be seen in Fig 1 fhaf 
road segmenf consisfs of fhe power line disfribufion 
fechnology insfalled beneafh fhe road in fhe form of 
charging plafes. A porfion of fhe charging plafe is 
leveraged for aufhenficafion purpose and fhe resf of 
fhe charging plafe is used for fransferring fhe elecfrical 
energy fo fhe vehicle (see Fig. [^. Vehicles mufually 
aufhenficafe each ofher wifh fhe charging plafe before 
receiving elecfric power from fhe plafes. Affer successful 
aufhenficafion, fhe fixed designafed amounf of elecfrical 
energy is fransferred fo fhe baffery and fhe vehicle is 
billed accordingly. The communicafion channel befween 
vehicles, regisfrafion and revocafion aufhorifies, and fhe 
charging plafes is based on Dedicafed Shorf Range Com¬ 
municafion (DSRCj^ sfandard whereas charging plafes 
are connecfed fo fhe charging service providers fhrough 
high speed wired links. Our proposed scheme is based 
on fhe following assumpfions. 

a. Elecfric vehicles are equipped wifh On Board Unif 
(OBU) and Tamper-Resisfanf Module (TRM) fo carry 
ouf fhe secure compufafion. 

b. DMV is a frusfworfhy enfify and only DMV is au- 
fhorized fo inifialize fhe TRM and sfore necessary 
securify paramefers and keys in if, whereas CSPA, 
charging plafes and OBUs are non-frusfworfhy. 

c. Every vehicle is also pre-loaded wifh a pool of 
pseudonyms (fraceable by revocafion aufhorifies) for 
privacy reasons. 

d. Charing plafes are insfalled under fhe designafed 
road segmenfs by CSPA and are equipped wifh hard¬ 
ware fhaf is capable of carrying ouf secure compufa¬ 
fion and communicafion operations. 

e. Vehicles change fheir pseudonyms af every charging 
phase. 

f. The charging process is nof aufomafic and if can be 
sfarfed wifh fhe consensus of fhe driver if fhe baffery 
needs fo be recharged. 

g. For a single charging plafe, a fixed amounf of charge 
is fransferred fo fhe baffery and a fixed amounf of bill 
is charged fo fhe customer, and fhus a semi-sfafic and 
fixed billing sysfem. 

Moreover fhe proposed billing framework musf fulfill 
fhe following requiremenfs. 

R-1 While fransferring elecfric power fo fhe vehicle, 
bidirectional audifabilify musf be guaranfeed. In 


Charging Service 
Providing Authority 
(CSPA) 



Coinmunicnting and Billing 

1 Hardware 


Charging Plate (CP) I 

Magnetic Coils 


Fig. 3: The Network Model 


other words, the vehicle must not be over-billed and 
the CSPA must not be under-paid. 

R-2 The conditional privacy of the vehicle's location and 
the user must be preserved. The identity of a vehicle 
owner should be revoked to the power supplier only 
if it is legally necessary, e.g. refuse to pay. 

R-3 Due to the resource constraints of the charging plate 
and the speed of the vehicle, the communication 
between charging plate and OBU, and between 
charging plate and CSPA must be minimal. More¬ 
over the authentication mechanism must be very 
fast and lightweight. 

R-4 The billing procedure must be verifiable by all the 
entities, i.e. OBU, CSPA, and DMV. 

R-5 At the time of charging, both the players should be 
in the Nash Equilibrium state. 

3.2 Threat Model 

In our threat model, we consider that both participating 
parties (charging plate and OBU) may be malicious. 
Their behavior can be malicious in terms of either by¬ 
passing the billing process or overcharging the energy 
receiving entity. Besides, the CSPA can also abuse the 
privacy of the electric power consumer vehicle by either 
exposing their location information or selling out their 
location-based profile to other third parties such as ads 
agencies and so forth. Moreover, the adversaries can sniff 
the communication between charging plate and OBU, 
modify it or forge it. We argue that the adversaries 
will have more resources than the participating entities. 
However, the timeliness of possible attack is a challeng¬ 
ing front for the adversaries where the possible attacks 
must be performed within the stipulated time that is 
equal to the duration of the charging and billing. 

4 Proposed Bidirectional Auditability 
IN Online Electric Vehicle 


In this section we outline the proposed power trans- 
3. [Online] http://www.iteris.com/itsarch/html/standard/dsrc5ghz.htiftT and billing mechanism and the bidirectional audit 
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between the charging plate and the OBU by a game- 
theoretic approach. 

4.1 Baseline 

Before using the wireless electric energy transfer service 
on the move, vehicles must have registered with the 
DMV to initialize their TRM and to store the security 
parameters and pseudonyms in it. Additionally, the vehi¬ 
cles must also register with the CSPA to get the necessary 
security parameters, required to the charging plates at 
authentication stage. lAdrenever a vehicl^ enters the 
road section with power line underneath it, it opts for 
eifher obtaining the electric power or not. If fhe vehicle 
selecfs fhe power recepfion, then it has to mutually 
authenticate with the charging plate. We propose two 
very fast and lightweight mutual authentication mech¬ 
anisms, one is based on only hash and XOR functions 
and inspired by the Chuang et al.'s scheme p^ , while 
the second one is based on the hash chain. The former 
is a direcf authenticafion befween charging plafe and 
OBU whereas fhe latfer is aufhenfication fhrough CSPA. 
In fhe former scheme, charging plafe incurs minimum 
communication delay whereas in the latter, charging 
plate incurs minimum computation delay. Both of the 
proposed scheme are suited for specific purposes fhaf are 
explained in the paper. After successful authenticafion, 
fhe power transfer process sfarfs and charging plate 
sends the billing information to both OBU and CSPA. 
The billing is fixed on per charging plafe basis. We also 
model the billing and audit as a game between OBU 
and charging plate where both of fhem musf achieve 
fhe Nash Equilibrium sfafe. 

4.2 Preliminaries and Initializations 

4.2.1 System Initialization 

Notations in Tablej^are employed throughout the paper. 
We use pseudonymous approach for privacy preserva¬ 
tion. In addition, in order to store the individual secret 
keys of the vehicles, i.e. Ksym and Ky in the revocation 
authorities (RAs), we use ElGamal encryption algorithm 
over elliptic curve cryptography (ECC) due to its proven 
security. Let G be a cyclic group of prime order q where 
G is generated by a generator P. Eirst of all DMV chooses 
a random number x G Z* as its private and computes 
PK'^ = xP as its public key. DMV then uses threshold 
based secret share scheme [ | 20 | and divides x into j 
parts where j is the number of revocation authorities, 
each RAi holds a share Xi and Xi G (cci, a:: 2 , 0 : 3 , ...,Xj). In 
order to construct x from individual Xi, RAs must elect 
one of them to be group leader and construct x from 
combination of Xi. Eor the selection of group leader, any 
available efficient group leader election mechanism in 
the networks can be used. 

4. The term ‘vehicle'throughout the rest of the paper should be read 
as electric vehicle. For the sake of simplicity we use the term vehicle 
instead of charging vehicles. 


4.2.2 TRM Installation 

Only DMV is authorized to install the TRM in the vehicle 
for the first time after purchase or re-purchase. The 
owner of the vehicle has to personally visit the DMV for 
the installation and/or initialization of the TRM. After 
confirming the credentials of the vehicle and its owner, 
DMV initializes TRM and saves the system parameters 
in the TRM including (G, q, P, PK^, cy, incy). Addition¬ 
ally DMV also preloads TRM with vehicle's individual 
secret key Ky and pseudonym generation key Ksym- 

4.2.3 Pseudonyms Assignment 

DMV generates n number of pseudonyms for each 
vehicle by taking vehicles secret counter cy and in¬ 
crement it by vehicle U's incrementing factor incy. 
The pseudonyms are generated as follows: PSq^jj = 
{ict)K,y^\\{cx © ID)Kv\\m}K~j^^^ where a = cy+nyincy, 
rii is the current count of generated pseudonym (note 
that it may not be linear), and ID is the vehicle's 
identity. Then DMV stores these pseudonyms in its 
database and indexes it with the value of n. After all 
pseudonyms are generated for the vehicles, DMV saves 
these pseudonyms in vehicle's TRM along with another 
value XoBU = KPSqbu^ PSqbu^ P^obu) sends 
the anonymous pseudonyms to RAs as well. In order to 
help in revocation, TRM also encrypts both Kgym and 
Ky and sends it to RAs which serve as a trapdoor in 
revocation. The aforementioned keys are encrypted with 
public master key using ElGamal encr 5 rption as follows: 

= tP, 52 = {KsymWKy) © H{rPK+) 

r is a random nonce selected by the TRH for this 
encr 5 qjtion, then it sends {< 51 ,^ 2 } to RAs. However RAs 
can only decrypt the keys Kgym and Ky when they have 
a warrant to do so after colluding to construct x from 
individual Xi. The reason for saving encr 5 rpted keys in 
RAs dafabase is twofold: RAs use these keys to revoke 
a vehicle in case of any dispute and for privacy reasons; 
we do nof want RAs to link pseudonyms and / or extract 
Cy and incy from the beacons until necessary, otherwise. 

It is also to be noted that when a vehicle consumes all 
the pseudonyms it has in the pseudonym pool, it needs 
to obtain a batch of fresh pseudonyms from the DMV. 
The vehicle does not need to be physically present at 
DMV, rather it can obtain the pseudonyms from DVM 
by connecting through internet. We assume that the 
existing pseudonym refilling sfrafegies can be used pT]- 
||2^. Now we oufline fhe fwo mechanisms for mutual 
authentication and billing. 

4.3 Direct Mutual Authentication (DMA) 

In the direct approach, OBU and CP mutually authenti¬ 
cate each other without intervention of the CSPA. Eirst 
of all CSPA creates I number of masfer secref keys 
MSK based on hash chain by selecting a secret s where 
MSKi = K{s) and sends the key to DMV as follows: 

CSPA -G DMV : MSKi{i = 1, 2,3,..., 1) 
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TABLE 1: Legend for symbolic notations 


Notation 

Explanation 

G 

Cyclic group of Order q 

P 

The generator of G 

r 

Random nonce 

X,Xi 

Private master key and i-th share of x 

PK+ 

Public key corresponding to x 

K~ 

^ DMV'^^ DMV 

Public private key pair of DMV for signing pseudonyms 

cy 

Vehicle V's secret initial counter used in pseudonym generation 

incy 

Incrementing factor for pseudonyms 

f^sym 

Vehicle V's AES symmetric key used in pseudonym generation 

Ky 

y's individual secret key 

^^OBU 

Vehicle V's ith pseudonym 

MSK 

Hash Chain based Master secret key 

^OBU 

Hash of the overall pseudonym pool 

CertoBU 

OBU's anonymous certificate issued by a certification authority 

PWDqbu 

OBU's initial password to log in to the system in order to start registration 

H{-) 

A MaptoPoint hash function asiT:{0,l}*—^-G 

h(-) 

Collision-resistant hash function 

hk{-) 

Keyed hash function 

e 

Exclusive OR operation 

II 

Concatenation function 


MSKi is a hash chain based master secret key which 
is based on a secret s and MSKi = h^{s). In other 
words, each MSKi is used for a designated amount of 
time, and CSPA updates MSKi after regular intervals. 
Since MSKi is distributed by CSPA, it can be updated 
in timely marmer by CSPA and vehicles will receive 
the updated MSKi in their next registration phase with 
CSPA. After that, DMV also sends Xqbu of the regis¬ 
tered vehicles to CSPA for records. 

DMV CSPA : Xqbu 

Each vehicle has a pool of legitimate traceable 
pseudonyms from DMV and at the time of authentica¬ 
tion, it can use any pseudonym to start charging. The 
vehicle will be billed based on the used pseudonym. 

4.3.1 Vehicle Registration with CSPA 

The vehicle, most precisely its OBU, must register with 
CSPA before charging. We assume a secure charmel 
between CSPA and the vehicle. The registration of the 
vehicle proceeds as follows. The vehicle starts with the 
password and upon access, the CSPA calculates some 
security parameters for the vehicle and sends it back to 
the OBU. The different steps and their descriptions are 
given below: 

a. OBU CSPA : PWDobu^Xqbu- OBU sends these 
values to CSPA on a secure charmel. If PWDqbu is 
valid, then the protocol will proceed. 

b. CSPA calculates the following 3 values, i.e. Hi,H 2 , 
and iLa. Hi is used as a secure parameter kept by 
CSPA. H 2 and are the authentication parameters 
that are sent back to the OBU. 

Hi = h{s\\XoBu) 

H2 = h?{s\\XoBu) 

H 3 = MSK 0 Hi 


c. CSPA registers the OBU by sending the hash function 
H2, and H3 to the OBU and recording these 
parameters by storing it in its database against the 
value of Xqbu- 
CSPA ^ OBU : XoBU, ti(), 

4.3.2 Authentication between OBU and CP 
After completing the registration phase with CSPA, 
when the vehicle passes through the section of the 
power-line-enabled road, it starts authentication process 
with the charging plate. The vehicle starts by selecting 
a pseudonym from its pool of pseudonym and proceeds 
the whole electric power receiving process with the se¬ 
lected pseudonym anonymously. The partial per charg¬ 
ing bill is prepared based on the presented pseudonym 
in the authentication/charging process. It is to be noted 
that a fixed amount of electric power is delivered to 
the vehicle's power reception module that costs a fixed 
amount. The comprehensive mutual authentication steps 
are given below: 

a. OBU selects a pseudonym PS^'q^jjA = 1,2,3, ...,n 
from its pool and calculates the following parameters. 

Cl = h{H2) © PS^OBU 
C-2 = ^{P^OBu) ® ^OBU 

C3 = h{h{PSQgjj)\\c2\\H3) 

b. Then OBU sends CP, the values calculated in previous 
step along with H3. 

OBUCP : ci,C2,C3,H3 

c. CP executes the following steps. 

i. Start with H3 and extract the secret Hi as MSK® 
Hi © MSK. 

ii. It calculates H 2 and extracts PSq^jj from ci. 

iii. Then it checks for the value C 2 if it is equal to 

HPSqbu) ® ^OBU- 
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Fig. 4: Authentication process in DMA scenario 


iv. And check if C 3 is equal to the retrieved values 
h{h{PSQgij)\\c 2 \\H 3 ) then the OBU is authenti¬ 
cated, otherwise the authentication fails. If is fo 
be nofed fhaf fhere will be a fixed number of fries, 
failing which will half fhe aufhenficafion process. 

Affer successful aufhenficafion, OBU and CP inifi- 
afe fhe protocol fo consfrucf a session key SKqbu-cp 
which is used for fhe later communication and billing 
parameters. The inifializafion of session key from CP 
serves as an acknowledgemenf fo aufhenficafion as well. 
The OBU will nof have been aufhenficafed, ofherwise. 
CP exfracfs Xobu from fhe received messages C2 and 
selecfs ifs nonce as Vcp and calculafes session key as 
SKobu-cp = HPSqbuW'^'cp)- CP also calculafes fhe 
following parameters. 

C 4 = IDcp © Tc 

C 5 = © h{h{PS’QBjj)) 

C 6 = ^(rc||c4||c5) 

Cy = PIi © h^{PSQ^jj) 

IDcp is the ID of fhe charging plafe. Affer calculating 
fhe above values, CP consfrucfs an aufhenficafion reply 
message and sends if back fo OBU. This aufhenficafion 
reply means fhaf OBU has been aufhenficafed and ofher 
parameters will be senf for fhe session key calculation. 
The following aufhenficafion reply message is senf fo 
OBU. 

CP ^ OBU :C4,C5,C6,C7 

From fhe above reply message, OBU exfracfs Tc from 
C4 and checks if cq is equal fo h{rc\\c 4 \\c^). If fhe in¬ 
formation is correcf, fhen fhe OBU aufhenficafes CP 
as well and computes fhe session key SKqbu-cp = 
h{PS'^Qgjj\\rc), exfracfs Hi from cy and stores if as a 
securify paramefer. 

Af fhis poinf in time, fhe mufual aufhenficafion is 
complefed and fhe elecfric power reception process will 


sfarf based on fhe esfablished session key SKqbu-cp- 
When fhese fwo enfifies (OBU and CP) aufhenficafe 
each ofher fhen fhe vehicle will receive fhe designated 
power from fhe road (charging plafe). Af fhe end of 
each phase of fhe charging plafe af CPi, a unif cosf Ci 
will be accumulafed fo fhe accounf of fhe OBU againsf 
ifs presented PSq^jj. Af fhe end of fhe whole power 
fransfer from a number of charing plafes, bofh OBU and 
CSPA will have fhe log of fhe amounf of fransferred 
power and fhe OBU will be billed accordingly which 
will be verifiable by bofh CSPA and fhe OBU. The whole 
aufhenficafion process in case of DMA, is shown in Fig|^ 

4.4 Pure Hash Chain based Authentication (PHA) 

For a fast moving vehicle the DMA approach can be ap¬ 
plied where computation is done locally by the charging 
plate; however, DMA may incur reasonable computation 
delay. Therefore we propose another indirect authenti¬ 
cation mechanism based on hash chain carried out by 
CSPA where computation delay is minimum whereas 
a small communication delay is introduced. Moreover 
this mechanism is most favorable for low speed vehicles. 
DMV provides the OBU with n pseudonyms PSq^^, i = 
1 ,2,3,..., n, and hash chain corresponding to each 
pseudonym h{PSligu),h^{PSlig^), ...,h^{PSi)su). We 
assume that for the sake of charging the vehicle's battery, 
the vehicle registers with the CSPA based on the policy. 
In other words, the car uses a new hash chain based 
on the designated interval in the policy. Authentication 
process takes place as follows: 

a. The vehicle registers with CSPA and sends one of the 
hash chain head to CSPA ^"(PS'q^j^). 

OBU ^ CSPA : h-^{PS^osu),XoBU.CertoBU 

b. At the time of authentication and request for charg¬ 
ing, the vehicle must provide the CP with a member 
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hash from the registered hash chain /i" ^{PSqbu)- 
OBU ^ CP : h^-HPShBu),XoBU 

c. CP forwards this value to the CSPA. 

CP ^ CSPA : timestamp, h’^~^{PSQgjj), Xqbu 

d. CSPA validates the hash, checks if {PSq^jj)) = 

h^iPSQ^u) and replies accordingly. CSPA also re¬ 
places h'^iPSQgjj) wifh h{h^~^{PSQgjj)). In addifion 
fo aufhenficafion, CSPA also provides fhe CP wifh a 
session key SKqbu-cp and saves it in its database 
with time and the Xobu- h is to be noted that, CSPA 
issues a single session key for all fhe plafes for a 
particular vehicle and a particular hash chain. 

CSPA —>■ CP : Auth.Status, {SKobu—cp}x'^ 

CP —)■ OBU : {SKobu-cp}k+ 

^ OBU 

e. If fhe aufhenficafion is successful fhen charging plate 
will transfer fhe elecfric power to the vehicle, other¬ 
wise the process halts. It is to be noted that one hash 
chain is long enough to use it for fhe whole day. For 
fhe nexf day, the vehicles can register another hash 
chain. This process will still preserve the conditional 
privacy of fhe OBU. 

The protocol for pure hash chain based aufhenficafion 
mechanism is given in Fig 

4.5 Power Transfer, Billing, and Auditability 

Once the mutual authentication is completed between 
the charging plate and OBU, the vehicle starts to re¬ 
ceive the power from fhe road (charging plate) semi- 
simulfaneously wifh billing. More precisely, fhe vehicle 
is billed at a charging plate level. At the end of fhe 
charging process, fhe fofal bill is accumulafed bofh at 
OBU and the CSPA. The process is explained in case of 
bofh direcf and indirecf aufhenficafion as shown in Fig 
and Fig|^ 


4.5.1 Online Electric Power Transfer and Billing in DMA 

In case of DMA, CSPA has access fo fhe pseudonym 
used in fhe aufhenficafion process fhrough CP. Therefore 
after a successful authenficafion and establishmenf of 
a session key, vehicle requesfs for the electric power 
and presents the charging palte and CSPA with the 
pseudonym and other parameters for fhe billing pur¬ 
pose. The series of steps are given below: 

OBU CP : 

{timestamp\\ChargingReq.\\PSl)Bu\\h-Kvioi)}sKoBu-cp> 
a = {timestamp\\ChargingReq.\\PSQgjj) 

CP ^ OBU : {Ack,timestamp\\PS)jgjj\\hKv{o)} 

At this point the charging plate starts billing and 
sends the bill log to OBU and to CSPA. The bill is 
logged against two values, Xqbu and the consumed 
pseudonym PSQg^. 

CP —>■ CSPA : {timestamp\\PS]jgu\\XoBu\\CostcPi) 
CSPA : Cost Xobu = CostcPi 

In case of DMA, the CSPA accumulates all partial billing 
information from individual charging plates and bill 
the OBU accordingly. It is worth noting that we use a 
constant cost per charging plate. 

4.5.2 Online Electric Power Transfer and Billing in PHA 

In case of PHA, fhe CSPA does nof have access fo 
individual pseudonyms; rafher it maintains the billing 
information based on the Xobu value. After successful 
aufhenficafion, OBU requests for online power fransfer 
and fhe elecfric power fransfer begins. Meanwhile, CSPA 
bills fhe cosf for the current CP and accumulates it to the 
account against Xqbu with timestamp information. The 
series of sfeps are given below: 
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OBU CP : 

{timestamp\\ChargingReq.\\XoBu\\hKv il3)}sKoBu-cp^ 
13 = {timestamp\\ChargingReq.\\XoBu) 

The charging plate forwards the request to CSPA where 
CSPA constructs a reply message for the OBU. Mean¬ 
while when charging plate receives the reply message 
from CSPA, the vehicle will start receiving power and 
CSPA will record the cost for the current charging plate. 

CSPA —>■ CP : {timestamp\\XoBu\\hKv{P)) 

Charging plate forwards the message to OBU accord¬ 
ingly whereas CSPA calculates the bill for current charg¬ 
ing plate and accumulates with the partial bills from 
previous charging plates. 

CSPA : CostxoBu — CostcPi_i + CostcPi 

This way, CSPA calculates the bill partially simultane¬ 
ously with charging process which is the motive of our 
GHP game. We will discuss our OBU-CP game in the 
next subsection. 

4.6 Bidirectional Auditability Game 

We formalize the bidirectional auditability as an instance 
of the Guest-Host problem (GHP) with game-theoretic 
approach. In the GHP, the guest wants to use the hotel 
for a few days and does not want to get a bill (no) greater 
than actual use. Whereas the host wants to charge the 
bill to the guest for the actual (or more) use but wants to 
make sure that the guest does not deny the actual use. 
In our scenario, OBU can be assumed as guest and the 
charging plate as the host. 

We explain the bidirectional auditability between OBU 
and charging plate with the help of an uncooperative 
game Q which is defined as a triplet {'P,S,'PO). V is 
the set of players of the game, S is the set of strategies 
followed by the players and VO is the set of payoff 
functions as a result of the players' strategies. 

4.6.1 Players 

The set of players V = {OBU, CP} corresponds to the 
set of OBUs and the charging plate (CP). There can 
be multiple OBUs serviced by the CP but we assume 
that at certain instant of time, only single OBU will 
be entertained at the start of the CP. Without loss of 
generality, multiple OBUs can recharge their batteries 
after successful authentication. 

4.6.2 Strategy/Move 

In our game, each of the two players follow two 
strategies, either Cooperate{C) or Deviate{D) and thus 
Si = {C,D}. Moreover in cooperation state, each player 
makes a move that produces a better payoff. By coop¬ 
erating, a vehicle changes its pseudonym every time 
is charges the battery and the CP bills it accordingly. 


TABLE 2: Strategic moves of the players in the game Q 


OBU \ CP 

C 

D 

C 

1,1 

1,0 

D 

0,1 

-1,-1 


Whereas in case of deviation, OBU misbehaves and does 
not follow the protocol or CP overcharges the bill against 
OBU. 

4.6.3 Payoff Function 

We formulate a payoff function for both players of the 
game. The payoff function VO{t) is given by: 

VO^{t) = ai(t) - cosU{t) 

ai{t) is the advantage of player i at time t and costiit) is 
the cost of achieving ai{t). It is to be noted that ai{t) de¬ 
pends upon the successful battery charging and the nor¬ 
mal billing and costi(t) depends upon the pseudonym 
change for charging and the authentication overhead for 
both CP and OBU. 

In game Q, the players do not know the strategic 
behavior of the opponent unless the complete billing has 
been done. Since we have only two strategic behaviors 
from the set Si = {C, D}, there is 50% probability for the 
players to guess the behavior of the opponent keeping 
in mind its payoff. 

Definition: The best response bri{Sj^[c,D]) on the part of 
a player i is a move such that: 

bri{Sj(z[c,D]) = m.ax{VO^{si)) 

In other words, the best response of a player i will 
be such that it results in a maximum payoff. If the two 
players unknowingly strategically give best responses to 
each other in the game, then the opponent will not have 
any chance to deviate from the game and the result of the 
game is called Nash Equilibrium (NE). When the game 
reaches an NE, then the players carmot increase their 
payoff by changing their strategy or deviating from the 
best response strategy. 

4.7 Nash Equilibrium in g 

In NE, every player plays its best move and correctly 
anticipates that its opponent will do the same. In Table 

we outline the possible moves made by each players. 

In our game, there is only one NE which is achieved 
through (C, C). It is worth noting that a game may 
have more than one Nash Equilibria depending upon 
the nature of the game. In our game, the best strategy 
for OBU is to choose 'C' no matter what charging plate 
chooses between 'C"and ‘D’. This is because the only 
way for OBU to maximize its payoff in the form of 
battery charge and fair billing is to choose 'C"at the 
expense of the cost incurred by changing pseudonym 
and shared authentication overhead. OBU may not know 
the strategy of the charging plate. The 'D' strategy will 
cause the loss which is unfair auditability leading to 
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revocation for both CSPA and the OBU. Therefore from 
the strategic Table 2, (1,1) is the best response from 
both side, where they cannot increase their payoff by 
changing their strategy. 

5 Evaluation and Analysis 
5.1 Security and Privacy Anaiysis 

The security of our proposed scheme depends upon 
the collision resistance property of the one-way hash 
function. Given any m, it is easy to compute h{m), and 
computationally very difficult to calculate the value of 
m from h{m). The most basic security requirement of 
our proposed scheme is mutual authentication between 
charging plate and OBU. With our proposed lightweight 
authentication protocol which is an extended version of 
Chuang et al.'s protocol, mutual authentication is 
guaranteed before starting the charging process. If the 
underlying hash mechanism is secure, then our proposed 
authentication can be considered secure. However the ef¬ 
fect of keys compromise can be critical for our proposed 
scheme. From the OBU perspective, compromising Ky 
does not have dire consequences because the adversary 
A can get only a part of pseudonym, not the whole 
pseudonym. In case of the compromising both Ksym and 
Ky, A can not only manipulate pseudonyms, but can 
reuse them. Moreover our system can prevent the secret 
sharing attack because a vehicle must authenticate itself 
prior to charging its battery. Since the charging plate 
authenticates the user, therefore two users cannot use the 
same secret and / or re-use it because timestamp and the 
local log of the usage of charging plate or CSPA will stop 
the vehicles from doing so. In other words, the protocol 
must follow the steps: (i) registration, (ii) authentication 
and (iii) power transfer. 

Secure bidirectional auditability is provided through 
semi-simultaneous billing procedure incorporated in our 
proposed scheme. Each charging plate is capable to 


transfer a fixed amount of electrical energy to the battery 
and bill the vehicle with a fixed amount. Since vehicles 
use either individual pseudonyms PSq^jj, or the com¬ 
bined hash value Xobui the final bill is the combination 
of the costs of individual charging plates. Each OBU 
knows the cost per charging plate, and it records the 
cost in its log as well. Both CSPA and OBU can verify the 
individual and final bill of the power transfer in a liable 
and a non-repudiate marmer. It is also worth noting that 
it is the duty of CSPA to make sure the freshness of the 
session key and use different session keys in different 
charging plates for security reasons. The behavior of both 
charging plate and OBU from security perspective is 
depicted by the game Q where they establish NE during 
charging transaction. 

Our proposed scheme also preserves conditional pri¬ 
vacy of the users during electric power transferring and 
billing process. We do not use any real identity that 
could lead to the actual user, instead we use a series 
of legitimate pseudonyms. 

Moreover in order to measure the privacy and the 
anonymity of the vehicles, we calculate the entropy 
of the user denoted by H. The anonymity set needed 
entropy calculation is, the set of active vehicles at the 
certain time t that are in the process of charging their 
batteries. Let anonymity set is U and let pjj. is the 
probability that the node Ui be the target vehicle whose 
anonymity is being calculated or Ui is under surveillance 
by adversary A, where VUi G U, Y^^iPUt = 1- The 
entropy T-L of the target user Ui in the anonymity set 
U is given by: % — — x log 2 P( 7 i- Since our 

anonymity set is U, the possible outcomes can be \U\ 
assuming the fair distribution and the probability of 
each outcome will be If the distribution is normal 
and the occurrence of the nodes to be related to the 
pseudonyms in question is equally likely, then the max¬ 
imum entropy is also given by the following formula: 
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'Umax = -Y}i^lPUi X l0g2PC/i = log2 PC/; • 

Theorem 1. In case of any dispute, the node in question can 
be revoked and the pseudonym in question is linkable to the 
actual user 

Proof: In order to proceed with revocation, RAs get 
the warrant from the authorities and then look into the 
n values of the message in question that are provided to 
RAs in order to figure out which pseudonym was used. 
After that, RAs collude and construct x from individual 
Xi related to the pseudonym in question and the session 
leader decrypts the keys from cipher text c = {< 51 ,^ 2 } 
as follows: PSq^jj = 62 ® H{xdi) = {Ksym\\Kv) © 
H{rPK^) © H{rxPK'^). When RAs decrypt the keys 
Ksym and Ky, then revocation is almost done, all RAs 
have to do is to decr 5 q)t the and then extract ID 

of the vehicle from the pseudonym. □ 

Lemma 1. It is hard to impersonate other OBU in the process 
of online power transfer. In other words, it is hard to get away 
with billing procedures. 

Proof: Before starting the power transfer procedure, 
the vehicles have to register with CSPA in both direct 
and hash chain-based authentication and provide CSPA 
with XoBU- And at the authentication stage, OBU has to 
provide the charging plate with ci and C3 that contain 
H 2 and iFa respectively. At the registration phase, H 2 
is associated to the Xqbu of the current authenticating 
vehicle. Therefore any adversary A with H 2 ' without 
knowing the secret s, it will be hard to calculate valid 
Cl, C 2 , and C 3 at the authentication phase. Therefore the 
values sent to the CP for authentication will be ci', C2', 
C3', and Hf all of which must have association with 
the Xqbu of the pseudonym PSq^jj. Arguing on the 
collision resistance of the hash function used, it can 
be inferred that the probability of calculating the right 
values with not knowing the Xqbu is small, therefore it 


is hard for anybody to impersonate other OBU with a 
pseudonym. □ 

The following corollary naturally follows: 

Corollary 1. Replaying the poioer transfer request message 
and/or Pseudonym will not benefit the malicious intent of the 
user. 

The argument is divided into two parts. Replaying a 
message will result in the existence of previous power 
transfer records with this information. Upon success¬ 
ful power transfer, the CSPA maintains a log with 
timestamp and billing information against the used 
pseudonym. Let an OBU charges its battery at CPx at 
particular time ti after successful authentication, the log 
is recorded at CSPA with the used pseudonym and other 
credentials. At ti^j, the OBU again uses the message, 
then there are two possibilities. First, the OBU must have 
already been authenticated before sending this message; 
in that case, it will receive the power accordingly, sec¬ 
ondly if it is not authenticated, then CSPA must have 
figured out that the record already existed and that the 
OBU was malicious. In either case, the OBU carmot 
benefit from such behavior. The same argument stands 
for the pseudonym as well. 

5.2 Computation and Communication Overhead 

In this subsection we consider the computation and 
communication overhead incurred by the OBU and 
CP in the process of mutual authentication and power 
transfer. In the computation overhead, we consider the 
authentication cost incurred by OBU and CP denoted 
by Tauth-OBU and Tauth-cp respectively and the cost of 
revocation denoted by Trev in the direct authentication 
method. When OBU mutually authenticates with CP, 
it performs 3iL + 2EO operations, where H denotes 
the hash operation and EO denotes the exclusive OR 
operation. CP performs 6H + 5EO operations. The cost 
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of revocation T^ev in our proposed scheme is given by: 

Trev = 2T-y + 2Tjnui + + 2Tjf,c 

is the time incurred by the pseudonym search table, 
Tmui is the time required for point multiplication, Th is 
the time required to calculate hash, and Tdec is the time 
required for symmetric decr 5 rption. In |[20|, Tmui is found 
for a supersingular curve with embedding fc = 6 over 
F 397 to be equal to 0.78 ms. Hence the above equations 
can be written as: 

Trev = 1.56 + 2(T.y + Th + Tdec) 

We also discuss the authentication processing time 
by both OBU and CP. According to |T5|, SHA2 hash 
operation takes 0.76 psec. Therefore OBU takes about 
2.28 fisec and CP takes about 4.56 psec. It is worth 
noting that since the XOR operation time is usually 
a single clock on CPUs which is infinitesimally small, 
therefore we ignore it. In case of the hash chain-based 
authentication, OBU cost is only ID, where D denotes 
the decr 5 qition operation. CSPA incurs IH + IE, E is the 
encr 5 q)tion operation. 

We also calculate the authentication overhead. In case 
of DMA, the communication overhead is equal to 71 -I- m, 
where u is the size of the pseudonym. We assume 
SHA — 512 as a hash function and consider the [ [2^ 
implementation of timestamp which is 6 bytes. Simi¬ 
larly, in case of PHA the communication overhead is 
fixed and incurs 135 bytes where timestamp is 6 bytes, 
CbargingReq. is 1 byte, Xobu is 64 bytes and is 

also 64 bytes. 

5.3 Length of Charging Plate 

The efficiency of the power transfer and the auditabil¬ 
ity depends upon the length of the charging plate. 
Therefore, the length of the charging plate must be a 
tradeoff between the authentication and billing delay 
and the time required to acquire the specified amount 
of electrical power from the charging plate. The plate 
should not be too short where a vehicle cannot receive 
the promised amount of power after spending most of 
the time on the authentication and billing. Similarly the 
plate should not be too long, where mutual auditability 
is on stake and semi-simultaneous audit is not possible. 
To date, the size of the segment is not fixed; however, 
OLEV project considers the length of the segment to be 
5 m which is still controversial because of the authenti¬ 
cation and billing overhead incurred by the number of 
segments. Another important point is that the length of 
the segment is a design feature where the amount of 
electrical power, authentication and billing delay, and 
the time to acquire the guaranteed charge should be 
taken into account. In our scenario, we argue that the 
authentication delay incurred by both OBU and charging 
plate is less than a microsecond (optimistically) due 
to the design of authentication scheme. Therefore the 


uniformity of the pickup devices installed in the vehicles, 
and the capacity of delivering electrical power by the 
charging plates will play a vital role in deciding the 
length of the plate. 

5.4 Discussion 

In this subsection we analyze the effect of the two 
authentication strategies on the efficiency and the design 
parameters. In DMA, OBU and CP have to perform 
relatively more operations as compared to PHA; nev¬ 
ertheless the time consumed by these operations (hash 
and XOR) is less than encryption operation. That is why 
we argue that in performance, DMA will outperform 
PHA. Secondly, in DMA, both parties are involved in 
setting up the session key with mutual agreement. The 
communication cost is minimum since OBU and charg¬ 
ing plate are communicating directly. Therefore the only 
parameter that could affect the performance of DMA 
and PHA, is the length of the charging plate. If we 
consider the normal speed of the vehicle, then PHA will 
favor the lengthier charging plate than DMA, because of 
the communication delay incurred by the PHA. On the 
other hand, PHA does not cost any computation delay 
because the processing is carried out at resource rich 
CSPA and charging plate is only used as intermediary. 
However, in case of PHA, the session key is constructed 
by one entity, CSPA. Moreover the OBUs must save the 
hash chain of the currently used pseudonyms in the on¬ 
board storage thereby incurring storage cost. Therefore 
we can argue that, these two methods can be used in 
different circumstances that fit the necessary conditions 
for direct and hash-based authentication. For normal 
scenarios, DMA will be the fair choice because of its 
security, auditability guarantee, and robustness. 

6 Conclusion 

In this paper, we proposed a secure, privacy-aware, and 
bidirectional auditable mechanism for wireless power 
transfer in online electric vehicles. The power transfer 
technology is installed under the road in the form of 
charging plates where a segment of the road constitute 
a charging plate containing a hardware module for com¬ 
munication and lightweight computation. In our pro¬ 
posed scheme, the vehicles use multiple pseudonymous 
strategy to mutually authenticate with the charging plate 
and then expedite the power transfer. Meanwhile electric 
power service provider bills the vehicles on per charg¬ 
ing palate basis. Our proposed scheme provides secure 
and privacy-aware bidirectional auditability where the 
billing process is verifiable by both parties. Moreover 
we also present the game theoretic approach to validate 
the bidirectional auditability. 
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